Uncategorized Archives - Page 3 of 51 - TuxCare

Vulnerability in netfilter code allows local privilege escalation

Many high-level technologies in the IT industry, in fact most of them, are built on top of existing features. Containers are a prime example of this. This lightweight virtualization layer is built on top of a foundation that, among other things, relies heavily on cgroups. Cgroups, aka control groups, are an abstraction that allows specific system components like memory, CPU, or networking to be separated by access levels. This is useful for hiding parts of the system from specific processes running on it, enabling some processes to run “isolated” from the rest of the system or “inside a container”.

But this layering of technologies brings some risks. When a vulnerability that affects one of the foundation components appears, the whole stack is potentially vulnerable. This is what happened with CVE-2022-25636, a recently divulged vulnerability that affects the cgroups’ networking code. It impacts distributions running Kernel 4.18.0-240.el8 and above (RHEL 8 and derivatives like AlmaLinux 8, CentOS 8, Oracle EL 8, as well as Ubuntu and others). It allows privilege escalation for local users. KernelCare Enterprise patches will be made available soon and this post will be updated to reflect such availability as it happens.


ePortal storage optimization improvement

The TuxCare Team is always looking for new ways to improve the experience provided by our products. A pain point we identified was the amount of storage space required to hold KernelCare patchsets and the network bandwidth required to transfer that information to ePortal deployments.

One of the improvements currently being developed is the ability to configure ePortal to function in a new cache mode, where full functionality is retained while reducing storage requirements by up to 80% in some scenarios.


Dangerous remotely exploitable vulnerability found in Samba

Samba, the widely used file sharing tool, has a well-established presence, especially in mixed system environments, where file shares have to be accessed from different operating systems. Like NFS, it has a well-deserved reputation for compatibility, availability, and, most importantly, security. 

High-profile services like Samba are enticing targets for attackers, and vulnerabilities found in these services can often have far-reaching consequences that are sometimes lost in the noise around CVE announcements. CVE-2021-44142, one of the recently disclosed vulnerabilities affecting Samba, has managed to rise above the rest. It is a remotely exploitable vector that could trigger remote code execution. Does anyone else remember Log4j?

All versions of Samba prior to 4.13.17 are affected. TuxCare’s Extended Lifecycle Support team has released patches for CentOS 8.4, 8.5 and Ubuntu 16.04, all of which are impacted.


Taking a look at the role of CXO at TuxCare – and why it matters

Delivering solutions in complex technology environments means balancing many competing priorities, both internal and external. There’s always a risk that the customer experience takes a back seat, with predictable consequences.

That’s why CX – customer experience – has become such a hot topic across the tech industry as vendors try to find ways to improve and maintain the customer experience.

Here at TuxCare we recognize that, beyond just delivering industry-leading technology, we also need to deliver an outstanding customer experience. That’s why, in 2021, we appointed David Mello as Chief Experience Officer (CXO) for TuxCare.

David joined us to make sure that the customer’s voice gets heard every step of the way – from the boardroom right through to the individual TuxCare staff members who make our products great. In this article, we outline the role of our CXO, what we have achieved so far, and why it matters so much for our customers.


Monthly TuxCare Update – January 2022

Welcome to the January instalment of our monthly news round-up, brought to you by TuxCare. We are proud to be a trusted maintenance service provider for the Enterprise Linux industry. Our live patching solutions maximize system security and uptime while minimizing maintenance workload and system disruption.


Using CentOS 8 and worried about LUKS? Here’s how TuxCare can help

Death, taxes, and new CVEs… those are all things we can be very certain about in life. For users of CentOS 8, the inevitable has now happened: a new CVE was reported covering a serious vulnerability that affects a broad group of users. Users of CentOS 8 won’t get access to an official patch due to EOL.

If you’re on CentOS 8 right now you’re in a tight spot. You can’t continue to run an unsecured, non-compliant workload indefinitely – particularly when such a major vulnerability has been identified. Nor can you rush your migration, because that could have disastrous consequences of its own.

In this article we outline what the latest LUKS vulnerability is, why it poses such a significant danger – and explain how TuxCare’s live patching service can help tide you over until you’re ready to migrate.


CentOS 8: Why extended support is better than rushed migration

Still using CentOS 8 even though it’s now unsupported, and in spite of the obvious risks? Well, in a way it’s understandable. Red Hat took everyone by surprise when it cut the official support window for CentOS 8 from ten years to two years, leaving you with just a year’s notice that the OS is going end of life.

A year sounds like a long time, but it flies by in the life of a busy sysadmin – and it’s not a particularly long period of time to test system migration. But if the recently discovered LUKS bug pushed you into action, we want to use this article to tell you to stop and wait. A rushed, ill-considered migration can be catastrophic.

Read on to see what you should think about before you migrate, and why extended lifecycle support may well be a better option than rushing through a migration process.


